Verizon breach report: senior executives are main targets!
8 May 2019
The freshly released 2019 Verizon Data Breach Investigations Report highlights that financially motivated cyber-attacks are on the rise, C-level executives are increasingly targeted by social breaches and one quarter of all breaches are still associated with espionage.
The annual go-to survey for security professionals shows that C-level executives – who have access to a company’s most sensitive information, are now the major focus for social engineering attacks. Senior executives are 12x more likely to be the target of social incidents, and 9x more likely to be the target of social breaches than in previous years – and financial motivation remains the key driver.
The fact that C-level executives are targets is no surprise, explains John Loveland, MBA, IGP, CIPP, Global Head of Cyber Security Strategy and Marketing at Verizon Enterprise Solutions, due to their high net worth and privileged account access.
He adds that although our cyber awareness is improving, attacks are increasingly pervasive across all industries, targeting organisations across the board, no matter what size. No one is immune.
Other key findings include:
- Compromise of web-based email accounts using stolen credentials (98 percent) rising – seen in 60 percent of attacks involving hacking a web application.
- One quarter of all breaches still associated with espionage.
- Ransomware attacks still strong, accounting for 24 percent of the malware incidents analysed
The report also shows that businesses are still slow to locate attacks, with over half of all breaches taking months or longer to be discovered. This leaves attackers ample time to cover their tracks or disappear. John Loveland advises companies to let the data be their guide and still recommends regular patching as a good way to keep protected - something companies are still failing to keep up with.
“This isn't about giving staff box-ticking exercises once a year, it's about ensuring every single employee has a clear understanding of the risks they encounter daily, and empowering them to manage those risks. Employee attitudes need to change from a state of compliance and inattention, to one of commitment and constant vigilance," states Steve Malone, Cyber Resilience Expert at Mimecast.
The report also highlights threats faced by individual industries, as well as offering guidance on what companies can do to mitigate against these.
Bryan Sartin, Executive Director of Security Professional Services at Verizon comments, "Even though we see specific targets and attack locations change, ultimately the tactics used by the criminals remain the same. There is an urgent need for businesses – large and small – to put the security of their business and protection of customer data first. Often even basic security practices and common sense deter cybercrime.”
A pdf of the report can be read here: 2019 DBIR Executive Summary.